Widespread website outages beginning early Oct. 21 are suspected to have been caused by a massive distributed denial-of-service attack against DNS service provider Dyn. Numerous sites, including Amazon and Twitter, were sporadically unavailable.

IoT botnets, the term for armies of hacked internet-connected devices, aren't going away. And an anecdote from the field shows the gravity of the problem and why it's unlikely to be resolved any time soon.

The internet of things is being compromised by malware-wielding attackers exploiting default credentials baked into devices. What will it take for manufacturers to ship devices that are secure by default?

Bad news: A developer has released the source code for Mirai malware, which is designed to automatically find and hack internet of things devices, turning them into DDoS cannons. The malware has been tied to recent record-smashing DDoS attacks.

A new cyberattack trend report from Europol notes that while online criminals continue to refine their capabilities, old and unsophisticated attacks too often still succeed, thanks to poor digital hygiene and a lack of security by design and user awareness.

The Australian Bureau of Statistics blames IBM for failing to stop distributed denial-of-service attacks that crippled its website on the evening of the country's largest-ever online census. But were census-takers misinterpreted as DDoS attackers?

The cybercrime sector involves a rapidly growing services economy that provides everything from bulletproof hosting and stresser/booter DDoS on demand, to ransomware-as-a-service and sites that offer to launder bitcoins via a process known as tumbling.

Two men have been arrested by Israeli police, at the request of the FBI, in connection with an investigation into the vDos site, which provided distributed denial-of-service - a.k.a. stresser or booter - attacks on demand.

The breach of porn site Brazzers - which allows users to swap fantasies in online forums - begs the question of how many users employed throwaway usernames and passwords. Some 1,446 U.S. military and 41 U.S. government email addresses were found in the data dump.

Vikrant Arora, CISO of NYC Health & Hospitals, offers the four most important questions a board must ask the CISO to get a good understanding of how the organization is addressing top cybersecurity concerns.

A lesson from down under: A report on unintentionally creating a distributed-denial-of-service attack aimed at oneself highlights the latest edition of the ISMG Security Report. Also, a report on interpreting HIPAA privacy standards more stringently.

A new research project called Amnesia tackles the password management problem by not storing full data in any one place where it can be hacked. But does this proposed solution truly offer better password security?

Australia's census debacle has prompted questions over whether main contractor IBM made errors, and if the Australian Bureau of Statistics underestimated the resources it needed to successfully power a busy, online service.